In a traditional functional programming language like ML or
Haskell we could write the WHILE case as follows:

| WHILE b1 DO c1 END =>
if (beval st b1)
then ceval_step1 st (c1; WHILE b1 DO c1 END)
else st

Coq doesn't accept such a definition (Error:Cannotguessdecreasingargumentoffix) because the function we want to
define is not guaranteed to terminate. Indeed, the changed
ceval_step1 function applied to the loop program from Imp.v would
never terminate. Since Coq is not just a functional programming
language, but also a consistent logic, any potentially
non-terminating function needs to be rejected. Here is an
invalid(!) Coq program showing what would go wrong if Coq allowed
non-terminating recursive functions:

Fixpoint loop_false (n : nat) : False := loop_false n.

That is, propositions like False would become
provable (e.g. loop_false0 would be a proof of False), which
would be a disaster for Coq's logical consistency.

Thus, because it doesn't terminate on all inputs, the full version
of ceval_step1 cannot be written in Coq — at least not
without one additional trick...

Second try, using an extra numeric argument as a "step index" to
ensure that evaluation always terminates.

Note: It is tempting to think that the index i here is
counting the "number of steps of evaluation." But if you look
closely you'll see that this is not the case: for example, in the
rule for sequencing, the same i is passed to both recursive
calls. Understanding the exact way that i is treated will be
important in the proof of ceval__ceval_step, which is given as
an exercise below.

Third try, returning an optionstate instead of just a state
so that we can distinguish between normal and abnormal
termination.

Exercise: 2 stars, optional (peven)

Write a While program that sets Z to 0 if X is even and
sets Z to 1 otherwise. Use ceval_test to test your
program.

(* FILL IN HERE *)

☐

Equivalence of Relational and Step-Indexed Evaluation

As with arithmetic and boolean expressions, we'd hope that
the two alternative definitions of evaluation actually boil down
to the same thing. This section shows that this is the case.
Make sure you understand the statements of the theorems and can
follow the structure of the proofs.

Exercise: 4 stars (ceval_step__ceval_inf)

Write an informal proof of ceval_step__ceval, following the
usual template. (The template for case analysis on an inductively
defined value should look the same as for induction, except that
there is no induction hypothesis.) Make your proof communicate
the main ideas to a human reader; do not simply transcribe the
steps of the formal proof.